For reference see T5233.
So right now, you only get an autoblock if you try to make an edit while logged in as the direct target of the block. Thus in the case of a cookie based block, no new autoblocks are handed out in the event of the cookie matching.
Instead maybe we should also trigger autoblocks when the cookie matches.
Proposed new workflow:
* User:Malory gets blocked
* User:Malory gets a different IP address. He's not stupid enough to edit with the same account, so he registers User:Malory2
* Since the cookie is still present, User:Malory2 is blocked via cookie [Up to this point is the current behaviour]
* A new autoblock is set for the IP that Malory2 tried to edit from [This would be the new proposed behaviour]
* Possibly (not sure), an autoblock should be placed on the user account Malory2, so that if he clears cookies, that account is still blocked.
Also, let's change the cookie expiration to expire after 24 hours or the length of the actual block, whichever is shorter (at least until we're sure that it's not causing any problems). (Hopefully, this is the same way that non-cookie autoblocks currently work.)